Bolt v3.7.2 Release Notes
Release Date: 2020-10-19 // over 3 years ago-
To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-3.7.2.tar.gz tar -xzf bolt-3.7.2.tar.gz --strip-components=1 php app/nut init
Bolt 3.7.2
🚀 Released: 2020-10-20. Notable changes:
- 🔒 Security: Restrict
filter
options inRequest
in Twig context - 🔒 Security: Provide a stronger secret for
UrlSigner
- 🔒 Security: Allow only directories to be renamed with
renameFolder
#7867 - 🛠 Fixes slashes in directory names #7871
- 🛠 fixed typo 'an' to 'and' in README #7875
- Check if we have a current user, prevent "Trying to access array offset" extension #7869
- 🛠 Fix ContextErrorException in PHP 7.4 #7868
- ⚡️ Update composer.json: Add
"public-dir": "public"
#7866
🔒 Special thanks go out to the following for responsibly disclosing a security issue to us:
- Charles Fol - https://www.ambionics.io/
- ERNW Research GmbH - https://ernw.de/
- 🔒 Security: Restrict
Previous changes from v3.7.1
-
To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-v3.7.1.tar.gz tar -xzf bolt-v3.7.1.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2020-05-07. Notable changes:
- 🔒 Security: Check CSRF on Preview page, and prevent renaming files to blacklisted filetypes #7853
- 🔄 Change: Add hreflang to allowed_attributes #7855
- ⚡️ Chore: Updating dependencies #7842
- 🛠 Fixed: Fix tag cloud, update NPM deps #7856
- 🛠 Fixed: Select field with multiple contenttypes and display values results in a
ContextErrorException
#7849 - 🛠 Fixed: Trying to access array offset on value of type
null
with PHP 7.4 #7843
🔒 Special thanks go out Sivanesh Ashok for responsibly disclosing the two fixed security issues to us.